|
libtase2
2.4.0
TASE.2/ICCP Protocol Source Code Library for C/C++
|
Macros | |
| #define | TLS_EVENT_CODE_ALM_ALGO_NOT_SUPPORTED 1 |
| #define | TLS_EVENT_CODE_ALM_UNSECURE_COMMUNICATION 2 |
| #define | TLS_EVENT_CODE_ALM_CERT_UNAVAILABLE 3 |
| #define | TLS_EVENT_CODE_ALM_BAD_CERT 4 |
| #define | TLS_EVENT_CODE_ALM_CERT_SIZE_EXCEEDED 5 |
| #define | TLS_EVENT_CODE_ALM_CERT_VALIDATION_FAILED 6 |
| #define | TLS_EVENT_CODE_ALM_CERT_REQUIRED 7 |
| #define | TLS_EVENT_CODE_ALM_HANDSHAKE_FAILED_UNKNOWN_REASON 8 |
| #define | TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION 9 |
| #define | TLS_EVENT_CODE_INF_SESSION_RENEGOTIATION 10 |
| #define | TLS_EVENT_CODE_ALM_CERT_EXPIRED 11 |
| #define | TLS_EVENT_CODE_ALM_CERT_REVOKED 12 |
| #define | TLS_EVENT_CODE_ALM_CERT_NOT_CONFIGURED 13 |
| #define | TLS_EVENT_CODE_ALM_CERT_NOT_TRUSTED 14 |
| #define | TLS_EVENT_CODE_ALM_NO_CIPHER 15 |
| #define | TLS_EVENT_CODE_INF_SESSION_ESTABLISHED 16 |
Typedefs | |
| typedef struct sTLSConfiguration * | TLSConfiguration |
| typedef struct sTLSConnection * | TLSConnection |
| typedef void(* | TLSConfiguration_EventHandler) (void *parameter, TLSEventLevel eventLevel, int eventCode, const char *message, TLSConnection con) |
Enumerations | |
| enum | TLSConfigVersion { TLS_VERSION_NOT_SELECTED = 0 , TLS_VERSION_SSL_3_0 = 3 , TLS_VERSION_TLS_1_0 = 4 , TLS_VERSION_TLS_1_1 = 5 , TLS_VERSION_TLS_1_2 = 6 , TLS_VERSION_TLS_1_3 = 7 } |
| enum | TLSEventLevel { TLS_SEC_EVT_INFO = 0 , TLS_SEC_EVT_WARNING = 1 , TLS_SEC_EVT_INCIDENT = 2 } |
Functions | |
| PAL_API TLSConfiguration | TLSConfiguration_create (void) |
| Create a new TLSConfiguration object to represent TLS configuration and certificates and set owner count to 1. | |
| PAL_API TLSConfiguration | TLSConfiguration_claimOwnership (TLSConfiguration self) |
| Increase the owner count. | |
| PAL_API void | TLSConfiguration_setClientMode (TLSConfiguration self) |
| PAL_API const char * | TLSConfigVersion_toString (TLSConfigVersion version) |
| Convert TLS version number to string. | |
| PAL_API char * | TLSConnection_getPeerAddress (TLSConnection self, char *peerAddrBuf) |
| Get the peer address of the TLS connection. | |
| PAL_API uint8_t * | TLSConnection_getPeerCertificate (TLSConnection self, int *certSize) |
| Get the TLS certificate used by the peer. | |
| PAL_API TLSConfigVersion | TLSConnection_getTLSVersion (TLSConnection self) |
| Get the TLS version used by the connection. | |
| PAL_API void | TLSConfiguration_setEventHandler (TLSConfiguration self, TLSConfiguration_EventHandler handler, void *parameter) |
| Set the security event handler. | |
| PAL_API void | TLSConfiguration_enableSessionResumption (TLSConfiguration self, bool enable) |
| enable or disable TLS session resumption (default: enabled) | |
| PAL_API void | TLSConfiguration_setSessionResumptionInterval (TLSConfiguration self, int intervalInSeconds) |
| Set the maximum life time of a cached TLS session for session resumption in seconds. | |
| PAL_API void | TLSConfiguration_setChainValidation (TLSConfiguration self, bool value) |
| Enables the validation of the certificate trust chain (enabled by default) | |
| PAL_API void | TLSConfiguration_setAllowOnlyKnownCertificates (TLSConfiguration self, bool value) |
| Set if only known certificates are accepted. | |
| PAL_API bool | TLSConfiguration_setOwnCertificate (TLSConfiguration self, uint8_t *certificate, int certLen) |
| Set own certificate (identity) from a byte buffer. | |
| PAL_API bool | TLSConfiguration_setOwnCertificateFromFile (TLSConfiguration self, const char *filename) |
| Set own certificate (identity) from a certificate file. | |
| PAL_API bool | TLSConfiguration_setOwnKey (TLSConfiguration self, uint8_t *key, int keyLen, const char *keyPassword) |
| Set the own private key from a byte buffer. | |
| PAL_API bool | TLSConfiguration_setOwnKeyFromFile (TLSConfiguration self, const char *filename, const char *keyPassword) |
| Set the own private key from a key file. | |
| PAL_API bool | TLSConfiguration_addAllowedCertificate (TLSConfiguration self, uint8_t *certificate, int certLen) |
| PAL_API bool | TLSConfiguration_addAllowedCertificateFromFile (TLSConfiguration self, const char *filename) |
| Add a certificate to the list of allowed peer certificates. | |
| PAL_API bool | TLSConfiguration_addCACertificate (TLSConfiguration self, uint8_t *certificate, int certLen) |
| Add a CA certificate used to validate peer certificates from a byte buffer. | |
| PAL_API bool | TLSConfiguration_addCACertificateFromFile (TLSConfiguration self, const char *filename) |
| Add a CA certificate used to validate peer certificates from a file. | |
| PAL_API void | TLSConfiguration_setRenegotiationTime (TLSConfiguration self, int timeInMs) |
| Set the renegotiation timeout. | |
| PAL_API void | TLSConfiguration_setMinTlsVersion (TLSConfiguration self, TLSConfigVersion version) |
| Set minimal allowed TLS version to use. | |
| PAL_API void | TLSConfiguration_setMaxTlsVersion (TLSConfiguration self, TLSConfigVersion version) |
| Set maximal allowed TLS version to use. | |
| PAL_API bool | TLSConfiguration_addCRL (TLSConfiguration self, uint8_t *crl, int crlLen) |
| Add a CRL (certificate revocation list) from buffer. | |
| PAL_API bool | TLSConfiguration_addCRLFromFile (TLSConfiguration self, const char *filename) |
| Add a CRL (certificate revocation list) from a file. | |
| PAL_API void | TLSConfiguration_resetCRL (TLSConfiguration self) |
| Removes any CRL (certificate revocation list) currently in use. | |
| PAL_API void | TLSConfiguration_addCipherSuite (TLSConfiguration self, int ciphersuite) |
| Add an allowed ciphersuite to the list of allowed ciphersuites. | |
| PAL_API void | TLSConfiguration_clearCipherSuiteList (TLSConfiguration self) |
| Clear the list of allowed ciphersuites. | |
| PAL_API void | TLSConfiguration_destroy (TLSConfiguration self) |
| Release all resources allocated by the TLSConfiguration instance or decrease owner count. | |
| #define TLS_EVENT_CODE_ALM_ALGO_NOT_SUPPORTED 1 |
| #define TLS_EVENT_CODE_ALM_BAD_CERT 4 |
| #define TLS_EVENT_CODE_ALM_CERT_EXPIRED 11 |
| #define TLS_EVENT_CODE_ALM_CERT_NOT_CONFIGURED 13 |
| #define TLS_EVENT_CODE_ALM_CERT_NOT_TRUSTED 14 |
| #define TLS_EVENT_CODE_ALM_CERT_REQUIRED 7 |
| #define TLS_EVENT_CODE_ALM_CERT_REVOKED 12 |
| #define TLS_EVENT_CODE_ALM_CERT_SIZE_EXCEEDED 5 |
| #define TLS_EVENT_CODE_ALM_CERT_UNAVAILABLE 3 |
| #define TLS_EVENT_CODE_ALM_CERT_VALIDATION_FAILED 6 |
| #define TLS_EVENT_CODE_ALM_HANDSHAKE_FAILED_UNKNOWN_REASON 8 |
| #define TLS_EVENT_CODE_ALM_NO_CIPHER 15 |
| #define TLS_EVENT_CODE_ALM_UNSECURE_COMMUNICATION 2 |
| #define TLS_EVENT_CODE_INF_SESSION_ESTABLISHED 16 |
| #define TLS_EVENT_CODE_INF_SESSION_RENEGOTIATION 10 |
| #define TLS_EVENT_CODE_WRN_INSECURE_TLS_VERSION 9 |
| typedef struct sTLSConfiguration* TLSConfiguration |
| typedef void(* TLSConfiguration_EventHandler) (void *parameter, TLSEventLevel eventLevel, int eventCode, const char *message, TLSConnection con) |
| typedef struct sTLSConnection* TLSConnection |
| enum TLSConfigVersion |
| enum TLSEventLevel |
| PAL_API bool TLSConfiguration_addAllowedCertificate | ( | TLSConfiguration | self, |
| uint8_t * | certificate, | ||
| int | certLen ) |
Add a certificate to the list of allowed peer certificates from a byte buffer
| certificate | the certificate buffer |
| certLen | the length of the certificate buffer |
| PAL_API bool TLSConfiguration_addAllowedCertificateFromFile | ( | TLSConfiguration | self, |
| const char * | filename ) |
Add a certificate to the list of allowed peer certificates from a file.
| filename | filename of the certificate file |
| PAL_API bool TLSConfiguration_addCACertificate | ( | TLSConfiguration | self, |
| uint8_t * | certificate, | ||
| int | certLen ) |
Add a CA certificate used to validate peer certificates from a byte buffer.
| certificate | the certificate buffer |
| certLen | the length of the certificate buffer |
| PAL_API bool TLSConfiguration_addCACertificateFromFile | ( | TLSConfiguration | self, |
| const char * | filename ) |
Add a CA certificate used to validate peer certificates from a file.
| filename | filename of the certificate file |
| PAL_API void TLSConfiguration_addCipherSuite | ( | TLSConfiguration | self, |
| int | ciphersuite ) |
Add an allowed ciphersuite to the list of allowed ciphersuites.
| self | the TLS configuration instance |
| ciphersuite | the ciphersuite to add (IANA cipher suite ID) |
| PAL_API bool TLSConfiguration_addCRL | ( | TLSConfiguration | self, |
| uint8_t * | crl, | ||
| int | crlLen ) |
Add a CRL (certificate revocation list) from buffer.
| crl | the buffer containing the CRL |
| crlLen | the length of the CRL buffer |
| PAL_API bool TLSConfiguration_addCRLFromFile | ( | TLSConfiguration | self, |
| const char * | filename ) |
Add a CRL (certificate revocation list) from a file.
| filename | filename of the CRL file |
| PAL_API TLSConfiguration TLSConfiguration_claimOwnership | ( | TLSConfiguration | self | ) |
Increase the owner count.
| self | the TLSConfiguration instance |
| PAL_API void TLSConfiguration_clearCipherSuiteList | ( | TLSConfiguration | self | ) |
Clear the list of allowed ciphersuites.
| self | the TLS configuration instance |
| PAL_API TLSConfiguration TLSConfiguration_create | ( | void | ) |
Create a new TLSConfiguration object to represent TLS configuration and certificates and set owner count to 1.
WARNING: The configuration cannot be changed after it has been used for the first time.
| PAL_API void TLSConfiguration_destroy | ( | TLSConfiguration | self | ) |
Release all resources allocated by the TLSConfiguration instance or decrease owner count.
NOTE: Do not use the object after calling this function!
| self | the TLS configuration instance |
| PAL_API void TLSConfiguration_enableSessionResumption | ( | TLSConfiguration | self, |
| bool | enable ) |
Enable or disable TLS session resumption (default: enabled).
NOTE: Depending on the TLS version in use, this is implemented by session IDs or by session tickets.
| enable | true to enable session resumption, false otherwise |
| PAL_API void TLSConfiguration_resetCRL | ( | TLSConfiguration | self | ) |
Removes any CRL (certificate revocation list) currently in use.
| PAL_API void TLSConfiguration_setAllowOnlyKnownCertificates | ( | TLSConfiguration | self, |
| bool | value ) |
Set if only known certificates are accepted.
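If set to true, only known certificates are accepted, i.e. certificates on the list of allowed peer certificates (see TLSConfiguration_addAllowedCertificate). Connections with unknown certificates are rejected even if they are signed by a trusted authority.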
| value | true to enable setting, false otherwise |
| PAL_API void TLSConfiguration_setChainValidation | ( | TLSConfiguration | self, |
| bool | value ) |
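Enable or disable validation of the certificate trust chain (enabled by default). Chain validation is the check that ties a peer certificate to a trusted CA; when it is disabled, restrict peers another way, for example with TLSConfiguration_setAllowOnlyKnownCertificates.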
| value | true to enable chain validation, false to disable |
| PAL_API void TLSConfiguration_setClientMode | ( | TLSConfiguration | self | ) |
| PAL_API void TLSConfiguration_setEventHandler | ( | TLSConfiguration | self, |
| TLSConfiguration_EventHandler | handler, | ||
| void * | parameter ) |
Set the security event handler.
| handler | the security event callback handler |
| parameter | user provided parameter to be passed to the callback handler |
| PAL_API void TLSConfiguration_setMaxTlsVersion | ( | TLSConfiguration | self, |
| TLSConfigVersion | version ) |
Set maximal allowed TLS version to use.
| PAL_API void TLSConfiguration_setMinTlsVersion | ( | TLSConfiguration | self, |
| TLSConfigVersion | version ) |
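Set the minimum TLS version that may be used. SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated (RFC 7568, RFC 8996); prefer TLS_VERSION_TLS_1_2 or higher as the minimum where the peer supports it.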
| PAL_API bool TLSConfiguration_setOwnCertificate | ( | TLSConfiguration | self, |
| uint8_t * | certificate, | ||
| int | certLen ) |
Set own certificate (identity) from a byte buffer.
| certificate | the certificate buffer |
| certLen | the length of the certificate |
| PAL_API bool TLSConfiguration_setOwnCertificateFromFile | ( | TLSConfiguration | self, |
| const char * | filename ) |
Set own certificate (identity) from a certificate file.
| filename | filename of the certificate file |
| PAL_API bool TLSConfiguration_setOwnKey | ( | TLSConfiguration | self, |
| uint8_t * | key, | ||
| int | keyLen, | ||
| const char * | keyPassword ) |
Set the own private key from a byte buffer.
| key | the private key to use |
| keyLen | the length of the key |
| keyPassword | the password of the key or NULL if the key is not password protected |
| PAL_API bool TLSConfiguration_setOwnKeyFromFile | ( | TLSConfiguration | self, |
| const char * | filename, | ||
| const char * | keyPassword ) |
Set the own private key from a key file.
| filename | filename/path of the key file |
| keyPassword | the password of the key or NULL if the key is not password protected |
| PAL_API void TLSConfiguration_setRenegotiationTime | ( | TLSConfiguration | self, |
| int | timeInMs ) |
Set the renegotiation timeout.
After the timeout has elapsed, a TLS session renegotiation has to occur.
| timeInMs | session renegotiation timeout in milliseconds |
| PAL_API void TLSConfiguration_setSessionResumptionInterval | ( | TLSConfiguration | self, |
| int | intervalInSeconds ) |
Set the maximum life time of a cached TLS session for session resumption in seconds.
| intervalInSeconds | the maximum lifetime of a cached TLS session |
| PAL_API const char * TLSConfigVersion_toString | ( | TLSConfigVersion | version | ) |
Convert TLS version number to string.
| version | TLS version number |
| PAL_API char * TLSConnection_getPeerAddress | ( | TLSConnection | self, |
| char * | peerAddrBuf ) |
Get the peer address of the TLS connection.
| self | the TLS connection instance |
| peerAddrBuf | user provided buffer that can hold at least 60 characters, or NULL to allow the function to allocate the memory for the buffer |
| PAL_API uint8_t * TLSConnection_getPeerCertificate | ( | TLSConnection | self, |
| int * | certSize ) |
Get the TLS certificate used by the peer.
| self | the TLS connection instance |
| certSize[OUT] | the certificate size in bytes |
| PAL_API TLSConfigVersion TLSConnection_getTLSVersion | ( | TLSConnection | self | ) |
Get the TLS version used by the connection.
| self | the TLS connection instance |